<?php
// This page lets a user change their password.

// Set the page title and include the HTML header.
$page_title = 'Change Your Password';
include ('./includes/header.html');
?>

<h2>Forgot Your Password?</h2>
<p>If you have forgotten your password, enter your username below. <br>A new password will be generated and emailed to you.

<?
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {


	require_once ('mysql_connect.php'); // Connect to the db.

	// Create a function for escaping the data.
	function escape_data ($data) {
		global $dbc; // Need the connection.
		if (ini_get('magic_quotes_gpc')) {
			$data = stripslashes($data);
		}
		return mysql_real_escape_string(trim($data), $dbc);
	} // End of function.

	$errors = array(); // Initialize error array.

	// Check for an email address.
	if (empty($_POST['email'])) {
		$errors[] = 'You forgot to enter your email address.';
	} else {
		$e = escape_data($_POST['email']);
	}

	if (empty($errors)) { // If everything's OK.

		// Check that they've entered the right email address/password combination.
		$query = "SELECT user_id FROM UI WHERE (email='$e')";
		$result = mysql_query($query);
		$num = mysql_num_rows($result);
		if (mysql_num_rows($result) == 1) { // Match was made.

			// Get the user_id.
			$row = mysql_fetch_array($result, MYSQL_NUM);

			// Make the UPDATE query.
			$np=(rand(100000000,1000000000));
			$query = "UPDATE UI SET password='$np' WHERE user_id=$row[0]";
			$result = @mysql_query ($query);
			if (mysql_affected_rows() == 1) { // If it ran OK.

				// Send an email, if desired.

				mail( "$e", "Password - cseg674", "Username: $e \r\nPassword: $np \r\n\r\n", "From: DoNotReply@cseg674.com" );

				// Print a message.
				echo '<h2>Thank you for using our system!</h2>
				<p>A new password was generated and emailed to you!<p><br /></p>';

				// Include the footer and quit the script (to not show the form).
				include ('./includes/footer.html');
				exit();

			} else { // If it did not run OK.
				echo '<h4 id="mainhead">Error:</h4>
				<p class="error"><br />- The username you provided was not found in our database. <br />'; // Public message.
			//	echo '<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; // Debugging message.
				include ('./includes/footer.html');
				exit();
			}

		} else { // Invalid email address/password combination.
			echo '<h4 id="mainhead">Error:</h4>
			<p class="error"><br />- The username you provided was not found in our database. <br />';
		}

	} else { // Report the errors.

		echo '<h4 id="mainhead">Error:</h4>
		<p class="error"><br />';
		foreach ($errors as $msg) { // Print each error.
			echo " - $msg<br />\n";
		}
		echo '</p><p></p><p><br /></p>';

	} // End of if (empty($errors)) IF.

	mysql_close(); // Close the database connection.

} // End of the main Submit conditional.
?>
<p>Enter your user id/email address..
<p>&nbsp;
<form action="password.php" method="post">
	<p>Email address: <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"  /> </p>
	<p><input type="submit" name="submit" value="Send" /></p>
	<input type="hidden" name="submitted" value="TRUE" />
</form>
<p>&nbsp;
<p>&nbsp;
<p>&nbsp;
<?php
include ('./includes/footer.html');
?>
